CVE-2026-8229

Name of the Vulnerable Software and Affected Versions Wavlink NU516U1 version 240425

Description An OS command injection flaw exists in the WifiBasic() function within the '/cgi-bin/wireless.cgi' endpoint. This issue occurs when the AuthMethod or EncrypType arguments are manipulated, allowing for remote exploitation.

Recommendations As a temporary workaround, restrict access to the '/cgi-bin/wireless.cgi' endpoint or avoid using the AuthMethod and EncrypType parameters until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.